public function isValidSignature($secret, $assocType)
{
$params = OpenId::extractParams($this->params);
$signature = OpenId::buildSignature($params, $this->getSigned(), $secret, $assocType);
$foreignSig = $this->getSig();
return strcmp($foreignSig, $signature) === 0;
}
public function initialize($username, $returnTo)
{
$identity = sprintf($this->endpoint, $username);
parent::initialize($identity, $returnTo);
}
public function redirect(array $overrideParams = array())
{
parent::redirect(array_merge(array('openid.claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select', 'openid.identity' => 'http://specs.openid.net/auth/2.0/identifier_select'), $overrideParams));
}
protected function doCheckAuthentication()
{
try {
$extractor = new ResExtractor();
$request = $extractor->extract($this->data);
if ($this->onCheckAuthentication($request) === true) {
$body = OpenId::keyValueEncode(array('ns' => self::NS, 'is_valid' => 'true'));
} else {
throw new Exception('Authentication not successful');
}
} catch (\Exception $e) {
$body = OpenId::keyValueEncode(array('ns' => self::NS, 'is_valid' => 'false'));
}
$this->response->getBody()->write($body);
}
public function testOpenIDKeyValue()
{
$expect = array('mode' => 'error', 'error' => 'This is an example message');
$str = 'mode:error' . "\n" . 'error:This is an example message' . "\n";
$this->assertEquals($str, OpenId::keyValueEncode($expect));
$this->assertEquals($expect, OpenId::keyValueDecode($str));
}
protected function doCheckAuthentication(Url $url)
{
$params = $url->getParams();
$params['openid_mode'] = 'check_authentication';
$data = http_build_query($params, '', '&');
$body = new TempStream(fopen('php://memory', 'r+'));
$request = new Request(new Url('http://127.0.0.1/openid'), 'POST', array('Content-Type' => 'application/x-www-urlencoded'), $data);
$response = new Response();
$response->setBody($body);
$controller = $this->loadController($request, $response);
$body = (string) $response->getBody();
$data = OpenId::keyValueDecode($body);
$this->assertEquals('http://specs.openid.net/auth/2.0', $data['ns']);
$this->assertEquals('true', $data['is_valid']);
}
/**
* Is called if an user has made a friendship request on an remote website.
* The website makes a call to the api/user/friend/relation inorder to
* inform us that the friendship request was made. We make an webfinger
* request to the host and check whether the user actually exists. If the
* user exists on the remote website we create the friend as remote user
* in our user account table and create a relation to this user.
*
* @param RecordInterface $record
* @return boolean
*/
protected function handleRequest(RecordInterface $record)
{
$sql = <<<SQL
SELECT
\t`host`.`id` AS `hostId`,
\t`host`.`name` AS `hostName`,
\t`host`.`template` AS `hostTemplate`
FROM
\t{$this->registry['table.core_host']} `host`
WHERE
\t`host`.`name` = ?
SQL;
$row = $this->sql->getRow($sql, array($record->host));
if (!empty($row)) {
// request profile url
$email = $record->name . '@' . $row['hostName'];
$profile = $this->getAcctProfile($email, $row['hostTemplate']);
$identity = OpenId::normalizeIdentifier($profile['url']);
// create remote user if not exists
$con = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $identity)));
$friendId = $this->sql->select($this->registry['table.user_account'], array('id'), $con, Sql::SELECT_FIELD);
if (empty($friendId)) {
$security = new Security($this->registry);
$handler = $this->hm->getHandler('AmunService\\User\\Account', $this->user);
$account = $handler->getRecord();
$account->globalId = $profile['id'];
$account->setGroupId($this->registry['core.default_user_group']);
$account->setHostId($row['hostId']);
$account->setStatus(Account\Record::REMOTE);
$account->setIdentity($identity);
$account->setName($profile['name']);
$account->setPw($security->generatePw());
$account = $handler->create($account);
$friendId = $account->id;
}
// create relation
$friend = $this->hm->getTable('AmunService\\User\\Friend')->getRecord();
$friend->friendId = $friendId;
return $this->create($friend);
} else {
throw new Exception('Invalid host');
}
}
/**
* Builds the url to redirect the user back to the relying party
*
* @return PSX\Url
*/
public function getUrl($secret, $assocType)
{
// build signature
$params = OpenId::extractParams($this->buildParams());
$signed = $this->getParamsToSign($params);
$signature = OpenId::buildSignature($params, $signed, $secret, $assocType);
$params = $this->buildParams();
$params['openid.signed'] = implode(',', $signed);
$params['openid.sig'] = $signature;
// add params to url
$url = $this->getReturnTo();
if (empty($url)) {
throw new InvalidDataException('No return_to url was set');
}
foreach ($params as $k => $v) {
$url->addParam($k, $v);
}
return $url;
}
